1. What personal data do we collect?
Best Friend collects two types of personal data, personal data that you provide us with and personal data that we collect about you automatically.
Personal data that you provide
Personal data collected for creating a customer account:
• Your first and last name
• Your e-mail address
• Your username and password
Personal data collected for processing and invoicing your purchases and orders from our web shop and for customer relationship management purposes:
• Your first and last name
• Your e-mail address
• Your postal, billing and delivery address
• Your telephone number
• Your identity number
• Your gender
• Details regarding your purchases and orders
• Bank account and payment card details
• Credit information
• Your correspondence and communications with us
Personal data collected for marketing purposes:
• Information about any services provided to you
• Information about your communication and marketing preferences
• Information about your interests, preferences, feedback and survey responses
• E-mail address
• Direct marketing permission and prohibitions
Personal data that we collect automatically
• Your IP-address
• ID of your device
• The make and model of your device
• Apps you use
• the browser you use
• your computer’s operation system
• your online browsing activities on our website
• from which Web address, server and domain you entered our website
• Your location
2. Purpose of the processing of personal data
We process your personal data for the following purposes:
• To provide and operate our services
• To deliver and invoice our products
• To handle customer feedback and complaints
• To carry out customer relationship management
• To improve our services and to keep them secure
• To personalize our services
• To present the content of our websites to you in a manner ideal for your device
• To improve the functionality and content and the user experience on our websites
• To monitor the use of our websites
• To conduct market research
• To provide you with our newsletter and offers
• To display targeted digital adverting and offer our products to you as allowed by law
• To comply with our legal obligations
3. Legal basis for the processing of personal data
Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it.
We will collect personal data from you only:
• where we need the personal data to perform a contract with you
• where the processing is in our legitimate interests and not overridden by your rights, or
• where we have your consent to do so.
4. Where do we collect your personal data from?
Personal data is mainly collected directly from you yourself. We also collect data automatically from your device during your visit on our website.
In addition, we may collect your personal data from third party sources in order to fulfill the purposes of the processing of personal data described in section 2 above. Such third-party sources are i.e. the Population Information System, your bank and third-party service providers providing credit investigation services.
The websites of Best Friend use session-specific cookies and tracking cookies (GoogleAnalytics). Session-specific cookies are stored in memory while the browser is open and deleted when the browser is closed. Only the tracking cookies used to identify new visitors and returning visitors are retained. This data is used to improve the functionality and contents of the website.
Most browser programs allow you to disable cookies. You should note that cookies may be necessary for the proper functioning of the different sections of the website.
More information regarding tracking cookies provided by Google Analytics is available here.
6. For how long will your personal data be stored?
Best Friend stores your personal data only for as long as it is necessary to fulfill the purposes set out in section 2 above.
Personal data collected when creating a customer account is deleted when the customer account has been inactive for 26 months. In addition, you can independently delete the personal data stored at your customer account at any time.
Personal data collected when using our web shop is stored for 26 months after the purchase or order. However, personal data included in invoices are stored for 6 years in accordance with the Finnish Accounting Act.
Personal data collected when visiting our websites is stored 26 months from when it was collected from your device.
Personal data collected when filling in the newsletter subscription are stored for as long as the person has not prohibited digital direct marketing.
In addition, we may need to retain some of your personal data for a longer period if there is a legal claim or if we are required to so by law.
7. Who else processes your personal data?
Your personal data may be handled by the companies within the Best Friend Group in the extent it is provided by in the applicable data protection legislation.
Best Friend may also outsource the processing of your personal data to a third-party service provider (“data processor”), in order to fulfill the purposes of the processing of personal data listed in section 2 above. The data processor processes your personal data on behalf of and in the extent approved by Best Friend and in accordance with documented instructions provided by Best Friend.
Best Friend shall use only data processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of applicable data protection legislation and ensure the protection of your rights.
We only disclose personal to third parties for their independent use in cases presented in Section 7.
8. Disclosure of your personal data
We will not sell or lease out your personal data to third parties for their independent purposes.
Personal data is disclosed to third-parties only in the following situations:
• We may disclose personal data to authorities or to other parties if required to do so by law; or
• In the case of mergers, acquisitions, or other kinds of re-arrangements of our business operations, personal data may be transferred to buyers and their advisors.
9. Where is your personal data processed?
We typically store our data in the EU or the EEA. If any data is transferred outside the EU or EEA, we will ensure that the country to which the data is transferred is approved as having a sufficient level of privacy protection by the European Commission, or by using standard contractual model clauses approved by the European Commission.
10. How do we protect your personal data?
We use technical and organizational measures to protect personal data against unauthorized access, transfer, deletion or other handling that may compromise information security. Such methods include the use of firewalls, encryption technologies and safe server rooms, proper access control systems, the controlled provision of user rights and supervision of their use, providing instructions for data processors, and the thorough selection of competent subcontractors who comply with industry standards for information security management.
11. Your rights
Right of access – you have the right to obtain information on the processing of your personal data, have access to your personal data and verify the personal data we are processing about you.
Right of rectification – you have the right to require correction and supplementation of inaccurate and incorrect personal data.
Right to be forgotten – you have the right to require the removal of your personal data.
Right to restriction of processing – you have the right to require the processing of your personal data to be restricted.
Right of portability – You have the right to obtain your personal data in a formatted form and transfer this data to another registrar, provided that you have personally provided such personal data to us.
Right to object – you have the right to object to the processing of your personal data on the basis of your personal circumstances, if your personal data is processed based on our legitimate advantage. You also have the right to object to the processing of your personal data for direct marketing purposes.
Right to withdraw your consent - you have the right to withdraw your consent and object to the processing of your personal data if the processing of your personal data is based on your consent.
Right to file a complaint – you have the right to file a complaint with the appropriate supervisory authority if you consider that we have not processed your personal data in accordance with applicable data protection legislation.
Best Friend Group Oy
PL 1769 (Kellonkierto 3)
70461 Kuopio, Finland
Tel. +358 40 757 6237